Home/ Questions/Q 3751070
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T09:01:20+00:00

I am developing an ASP.NET website. There are some pages on my sit that

  • 0

I am developing an ASP.NET website. There are some pages on my sit that I want him to see only if he is a registered user. If not, he should be redirected to the appropriate page. Should I be checking this on the Page_load event that the user is logged in or not?

If the user types the name of the URL, this would still work, right?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is what I do for some of simplest websites. It uses typical forms authentication. From global.ascx.cs:

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    var unsecuredPages = new[]
                             {
                                 "test.htm",
                                 "email.htm"
                             };

    bool letThrough = unsecuredPages.Any(s => Request.RawUrl.ToLowerInvariant().Contains(s));
    if (letThrough)
    {
        return;
    }

    if (!User.Identity.IsAuthenticated &&
        !Request.RawUrl.Contains(FormsAuthentication.LoginUrl))
    {
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }
}

    You explicitly specify pages that should be visible to all users and all other requests will be redirected to the login page. My web.config looks something like this:

    <authentication mode="Forms">
    <forms loginUrl="Login.aspx" protection="All" timeout="480" name="xyz" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="true"/>
</authentication>
<location path="Styles">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
    • 0